Device for protecting against unauthorized use of software

ABSTRACT

A device for protecting against unauthorized use of software, characterized in that a first processor emulates a second processor ( 3 ), whereby the second processor executes program code and the second processor transmits data to a computing system running the software in a process, whereby the process enters an error condition if the data contain errors.

The invention refers to a device for protecting against the unauthorized use of software.

State-of-the-art: in the SAM copy protection system from Comprotec, encrypted, secret programs of a protected PC application are transmitted to a dongle connected to the PC. The dongle contains a device for decrypting and executing the program. During execution of the program, unencrypted data are exchanged with the protected application. The protected application only works properly if the data exchanged are without errors. This is only possible if the dongle is connected to the PC. The dongle is usually distributed together with the protected application. Since the dongle is very difficult or even impossible to reproduce without knowledge of the secret technical details and the programs run on the dongle are kept secret, unauthorized use of the application is prevented. The secret programs can also read and write to a persistent memory on the dongle. This enables, for example, license information to be transmitted to the dongle without this procedure being manipulated externally.

The disadvantage of this copy protection device consists thereof that the copy protection manufacturer cannot change the processor type on the dongle without requiring considerable changes to the protected applications and the secret program code. Moreover, the application provider is committed to using a dongle from a particular provider of copy protection. The use of dongles from other copy protection providers is generally not possible without changing the application if these use other types of processors. Another disadvantage is that the copy protection provider can only use processors that enable the program code to be read from RAM. Since the programs should be replaceable, reading from a ROM or EPROM is not an option. Using smart card controllers which meet high security standards is generally not possible, since these generally only run permanently stored program code. Furthermore, the creation of a standard for license transactions is not possible, if providers of copy protection use various processor types with diverse instruction sets.

The present invention is based on the object of enabling the execution of secret, exchangeable program code for protection against unauthorized use of an application to run independent of the processor type and to enable the use of controllers with permanent program storage, particularly smart card controllers, for execution. In addition, the creation of a standard for license transactions should be supported.

The object is solved by claim 1. A first processor 2 emulates a possibly virtual second processor 3. The architecture and instruction set of the second processor 3 can be published. A provider of copy protection can implement the instruction set in an instruction interpreter on the processor type of his choice. A protected application is independent of the implementation of this instruction interpreter and of the specific properties of the first processor 2. The copy protection devices of various manufacturers are compatible with one another. A protected application can work in conjunction with the copy protection devices of various manufacturers. This consequence is particularly important if the copy protection device is to be built into mobile telephones. A further consequence is that a provider of copy protection can change the first processor 2 any time, if for example it is no longer available, without the provider of an application having to change the application.

The choice of a smart card controller is described in claim 2. According to this claim it is even possible to let a processor of the computer system 7, such as the processor of the PC hosting the application or a security controller installed on the PC motherboard, emulate the second processor 3. In the device according to claim 3, the secret program codes (4) are transmitted in encrypted form to the first 2 or second processor 3, decrypted and executed. This can happen in one step or several partial steps. Preferably, the secret program codes 4 will be transmitted from the computing system 7 to the first 2 or second processor 3. In order to keep the memory requirement for emulation low, it can be a good idea to perform the transmission in several partial steps. After each partial step, the first processor 2 informs the computing system which program code 4 should be sent next, which depends on the status of the second processor 3, in general of the new calculated program counter. Virtual program storage is achieved this way. A virtual data store for the second processor 3 can also be implemented this way.

In a further embodiment of the invention, the encryption and decryption are carried out in two steps. During encryption, the program code 4 is encrypted with a symmetric encryption key 8. The key 8 is then encrypted with a public key 9 and transmitted together with the program code 4 to the first 2 or second processor 3. This one then decodes the key 8 with an appropriate private key 10. Then the key 8 is used to decode the program code 4. This procedure enables an application developer to choose the processors or processor types for executing the program code 4. If, for example, a processor type appears not secure to the application developer, so that it is feared the secret program code 4 may become known, then the application developer encrypts the program code 4 with public keys 9 from processor types that appear secure rather than with the public key 9 assigned to this processor type.

The second processor 3 could, according to claim 5, read and write license information in a persistent memory for example. If the instruction set of the second processor 3 receives cryptographic instructions such as those described in claim 6, secondary processors 3 can exchange the encrypted data among themselves or for example a second processor 3 can emulate other data generators that execute cryptographic functions.

The use of public key procedures is provided for in claim 7 for the transfer of license information from one processor to another processor 3. This generally enables encryption and authentication of transferred data between secondary processors 3.

Another option for emulating a second processor 3 beside a dongle connected to a PC is the use of wireless, preferably handheld devices, such as mobile telephones, pocket computers, etc. These are described in claims 8 and 9. This option makes it easier for the user of the protected application to handle the copy protection. For example, the user need only have his mobile telephone with him and can then also use a protected, but licensed application even at other locations without manual intervention. Furthermore, the user can use an Internet connection or dial a particular telephone number to transfer a software license to his mobile telephone, as covered in claims 10 and 11. In the latter case, the license value could be billed via the telephone invoice. In addition with mobile telephones there is the option to use the security controller that is usually present to emulate the second processor 3.

The invention will be described below using an example referring to FIG. 1. A dongle connected to a computing system 7 contains a first processor 2 with an instruction set containing an instruction for decoding. In addition, the first processor 2 contains a working register and RAM and is externally protected against reading and manipulation of the contents of memory. A program stored in a ROM of the first processor 2 emulates a second processor 3, which also contains a working register and RAM. This RAM and this working register are saved in the RAM of the first processor 2 during this process. The instructions of the second processor 3 are implemented using an interpreter that is also stored in the ROM of the first processor 2, which recognizes the instruction operating codes of programs intended for the second processor 3 and triggers certain actions for each recognized instruction, such as changing the register contents of the second processor 3 or sending and/or receiving data from the computing system 7. An application 1 will be started on the computing system. The application 1 transmits an encrypted program code 4 to the first processor 2. The first processor 2 decodes the program code 4 using its decoding instruction. Now the interpretation of the decoded program code begins on the first processor 2, which is equivalent to emulation of a second processor 3. The program code 4 contains instructions with which data sent by the computing system 7 are received. These data are processed using the interpreted program code 4, and the results needed by the active application 1 are sent to the computing system 7. If the results are not received or mistakes are found in the results, the process executing the application 1 goes to an error condition, in which for example the application 1 deviates from its intended behavior. As a result, the proper utilization of the application 1 is prevented and the application 1 is thereby protected against unauthorized use. 

1. A device for protecting against unauthorized use of software, characterized in that a first processor emulates a second processor, whereby the second processor executes program code and the second processor transmits data to a computing system running the software in a process, whereby the process enters an error condition if the data contain errors.
 2. A device according to claim 1, characterized in that the first processor is a microcontroller, a smart card controller or a processor of the computing system.
 3. A device according to claim 1, characterized in that the first or second processor receives the program code in encrypted form and decodes it.
 4. A device according to claim 3, characterized in that the first or second processor also receives an encryption key for a symmetric encryption, said key being encrypted with a public key, whereby the program code has been encrypted with the key, and subsequently the key is decoded with a private key associated with the public key and thereafter the program code is decoded with the key.
 5. A device according to claim 1, characterized in that the instruction set of the second processor contains instructions that can read from and/or write to a persistent memory.
 6. A device according to claim 1, characterized in that the instruction set of the second processor contains cryptographic instructions.
 7. A device according to claim 6, characterized in that the instruction set of the second processor contains instructions for executing public key encryption processes.
 8. A device according to claim 1, characterized in that the first processor is located in a portable, wireless device.
 9. A device according to claim 8, characterized in that the device is a mobile telephone, a PDA, a handheld computer or a combination thereof.
 10. A device according to claim 9, characterized in that the device receives software license information by means of a telephone connection, said information able to be queried by program codes.
 11. A device according to claim 1, characterized in that the first processor directly or indirectly receives or sends software license information via an Internet connection. 